Attack Graph
Overview
Section titled “Overview”The Attack Graph renders your environment’s attack paths as an interactive, force-directed graph — nodes are identities and resources, edges are the moves an attacker can make between them. It’s the fastest way to see how exposure connects.
Key benefits
Section titled “Key benefits”| Benefit | Capability | Business value |
|---|---|---|
| Intuition | Visual graph of nodes and edges | Grasp complex exposure at a glance |
| Exploration | Pan, zoom, expand, and inspect nodes | Investigate without reading raw data |
| One place | Graph Analysis Hub for all graph views | Resource, attack, and force graphs together |
How it works
Section titled “How it works”Open Attack Analysis → Attack Graph. Each node represents an identity or resource; edges represent possible transitions (impersonation, permission grants, network reach). Selecting a node reveals its details and the paths that pass through it, so you can trace a chain end to end.
The Graph Analysis Hub (Operations → Graph Analysis Hub) brings the graph views together — the resource relationship graph, the attack graph, and the force-directed view — for a single scan.
Implementation / workflow
Section titled “Implementation / workflow”- Run a scan and open Attack Graph (or the Graph Analysis Hub).
- Identify dense clusters and high-degree nodes — these are often choke points.
- Click through a path to its findings and remediation.
- After fixing a choke point, re-scan and confirm the graph thins out.
Best practices
Section titled “Best practices”- Look for high-degree nodes (many edges) — securing them often collapses multiple paths.
- Use the graph alongside Top Paths for a ranked, then visual, workflow.